Target said Friday that its customers’ encrypted debit card PINs were obtained in a data breach during the holiday shopping season, but that accounts have not been compromised.

New forensic work revealed that encrypted PIN data, or the personal identification code used to protect credit or debit cards, was removed with the name and card numbers during the hack between Nov. 27 and Dec. 15, according to a company statement.

Target said it was still in the early stages of the investigation, but is “confident” debit card accounts were not compromised because the data was still strongly encrypted when it was taken. The statement said a PIN can only be decrypted after it is received by an independent payment processor.